Home page logo

pauldotcom logo PaulDotCom mailing list archives

iframe injection question
From: christopher.riley at r-it.at (christopher.riley at r-it.at)
Date: Thu, 4 Jun 2009 08:57:05 +0200

Sure, make the link point to an HTTPS site with a valid certificate, or use
XSS to insert your desired content into an existing (vulnerable) HTTPS site
of your choice.


pauldotcom-bounces at mail.pauldotcom.com () inet wrote on 03.06.2009 23:24:20:

Let's say that I figured out how to inject an iframe into a site, but
the site is all SSL and the iframe content is only HTTP. Is there a
way to properly display that content without the end-users on IE
getting that "This page contains secure and insecure..." modal box?

- Chris Merkel
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR
0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail
dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche
Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden.
Correspondence with above mentioned sender via e-mail is only for
information purposes. This medium may not be used for exchange of
legally-binding communications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090604/3ed48722/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]